mttaggart/OffensiveNotion

[New Feature] Execution Guard Rails (Username, Hostname, Domain/IsDomainJoined)

Closed this issue · 6 comments

red team responsibly, kiddos

  • Username
  • Hostname
  • Domain name
  • Is Domain Joined?

The NetGetJoinInformation winapi function can be used to get the domain name along with determining if the computer is domain joined or workgroup joined. The implementation I have in tetanus only returns the domain name for the system and not its domain joined status.

This looks like a better API function than what I have right now so I may migrate to it later in the future. Luckily, it's included in the winapi crate https://docs.rs/winapi/latest/winapi/um/lmjoin/fn.NetGetJoinInformation.html.

I could try to knock this out if you would like?

@MEhrn00 I haven't forgotten about this! I did some tests last night on my SLOTHCO domain controller and made some changes to the code, I'll pull this into your branch tonight so you can see

@MEhrn00 check out the changes in 746d1ee

Only two changes: the first is that the agent would not compile the Linux build due to the conditional compilation flags around the env checks. The second was to switch the assertion (key domain == domain) to a substring match. For some reason, even though they were completely identical, I could never get the domain name (slothco.lan) to match the env check and it always failed. The substring match now passes and the check works.

edit: and of course I added something in main.py to handle the new check!
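Worked example of both points raised above (the NetGetJoinInformation call from the earlier comment and the substring-style domain check from this one), written for this page; it is not OffensiveNotion's or tetanus' code. It declares the two netapi32 functions by hand rather than through the winapi crate so it builds without dependencies, and the Win32 call is compiled out on non-Windows hosts. The guard-rail functions normalize the observed name (trailing NULs stripped, case folded) before the substring match; the domain name slothco.lan is reused from the thread only as sample input.

```rust
// Added example: query join status/domain name via NetGetJoinInformation and
// apply a domain guard rail with a substring match instead of strict equality.
// Hand-written FFI against netapi32.dll (no winapi crate). On non-Windows
// hosts join_info() returns None and only the pure checks run.

/// NETSETUP_JOIN_STATUS values from lmjoin.h (0..=3).
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum JoinStatus {
    Unknown,   // NetSetupUnknownStatus
    Unjoined,  // NetSetupUnjoined
    Workgroup, // NetSetupWorkgroupName
    Domain,    // NetSetupDomainName
}

impl JoinStatus {
    pub fn from_raw(v: u32) -> JoinStatus {
        match v {
            1 => JoinStatus::Unjoined,
            2 => JoinStatus::Workgroup,
            3 => JoinStatus::Domain,
            _ => JoinStatus::Unknown,
        }
    }
}

#[cfg(windows)]
#[link(name = "netapi32")]
extern "system" {
    // NET_API_STATUS NetGetJoinInformation(LPCWSTR, LPWSTR*, PNETSETUP_JOIN_STATUS)
    fn NetGetJoinInformation(server: *const u16, name: *mut *mut u16, kind: *mut u32) -> u32;
    // NET_API_STATUS NetApiBufferFree(LPVOID)
    fn NetApiBufferFree(buffer: *mut std::ffi::c_void) -> u32;
}

/// Convert a NUL-terminated UTF-16 buffer into a String, dropping the NUL.
#[cfg(windows)]
unsafe fn wide_to_string(p: *const u16) -> String {
    let mut len = 0usize;
    while *p.add(len) != 0 {
        len += 1;
    }
    String::from_utf16_lossy(std::slice::from_raw_parts(p, len))
}

/// (domain or workgroup name, join status) for the local machine.
#[cfg(windows)]
pub fn join_info() -> Option<(String, JoinStatus)> {
    let mut buf: *mut u16 = std::ptr::null_mut();
    let mut kind: u32 = 0;
    // NULL server == local computer; NERR_Success == 0.
    let rc = unsafe { NetGetJoinInformation(std::ptr::null(), &mut buf, &mut kind) };
    if rc != 0 || buf.is_null() {
        return None;
    }
    let name = unsafe { wide_to_string(buf) };
    unsafe { NetApiBufferFree(buf as *mut std::ffi::c_void) };
    Some((name, JoinStatus::from_raw(kind)))
}

#[cfg(not(windows))]
pub fn join_info() -> Option<(String, JoinStatus)> {
    None
}

/// Strip trailing NULs/whitespace and fold case before comparing names.
pub fn normalize(name: &str) -> String {
    name.trim_end_matches('\0').trim().to_ascii_lowercase()
}

/// Substring-style check: the required domain must appear inside the observed one.
pub fn domain_matches(observed: &str, required: &str) -> bool {
    let (obs, req) = (normalize(observed), normalize(required));
    !req.is_empty() && obs.contains(&req)
}

/// Full guard rail: host must be domain-joined and its domain must match.
pub fn domain_guard_passes(info: Option<(String, JoinStatus)>, required: &str) -> bool {
    match info {
        Some((name, JoinStatus::Domain)) => domain_matches(&name, required),
        _ => false,
    }
}

fn main() {
    let required = "slothco.lan"; // sample value taken from the thread
    match join_info() {
        Some((name, status)) => {
            let ok = domain_guard_passes(Some((name.clone(), status)), required);
            println!("name={} status={:?} guard_passes={}", name, status, ok);
        }
        None => println!("join information unavailable on this host"),
    }
}
```

A workgroup-joined host fails the guard even if the workgroup name happens to contain the required string, since the join status is checked before the name; an exact-equality check would be the same code with `obs == req` in place of `contains`.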

Impl in 9c4b547 by @MEhrn00! Ty fam 🤘